{ config, pkgs, lib, ... }:

{
  services.gitea = {
    enable = true;
    appName = "binary-it Gitea Service";
    user = "gitea";
    database = {
      type = "postgres";
      # todo: find better persistent location for passfile or use derivation
      # file needs to be readable by gitea
      passwordFile = "/etc/gitea-db-passfile";
      user = "gitea";
      host = "localhost";
      port = 5432;
      name = "gitea";
    };
    domain = "gitea.local";
    rootUrl = "http://gitea.local/";
    httpPort = 3001;
    settings.service = {
      REGISTER_EMAIL_CONFIRM = true;
      REGISTER_MANUAL_CONFIRM = false;
      DISABLE_REGISTRATION = false;
      REQUIRE_SIGNIN_VIEW = true;
      ENABLE_NOTIFY_MAIL = true;
      ALLOW_ONLY_INTERNAL_REGISTRATION = true;
    };
    settings.repository = {
      DEFAULT_BRANCH = "master";
    };
    settings.mailer = {
      ENABLED = true;
      MAILER_TYPE = "sendmail";
      FROM = "do-not-reply@gitea.local";
      SENDMAIL_PATH = "''${pkgs.system-sendmail}/bin/sendmail";
    };
    settings.openid = {
      ENABLE_OPENID_SIGNIN = true;
      ENABLE_OPENID_SIGNUP = true;
      WHITELISTED_URIS = ''["*keycloak.local*"]'' ;
    };
    settings.other = {
      #SHOW_FOOTER_VERSION = false;
    };
  };
}
